Date: Sat, 13 Apr 2013 06:03:45 -0600 From: Scott Long <scottl@samsco.org> To: Rui Paulo <rpaulo@FreeBSD.org>, Gleb Smirnoff <glebius@FreeBSD.org> Cc: "current@freebsd.org" <current@FreeBSD.org>, "net@freebsd.org" <net@FreeBSD.org> Subject: Re: ipfilter(4) needs maintainer Message-ID: <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> In-Reply-To: <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org> References: <20130411201805.GD76816@FreeBSD.org> <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org> <E2F803DD-1F3A-430E-957F-7AB1904CDF42@samsco.org> <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 13, 2013, at 12:33 AM, Rui Paulo <rpaulo@FreeBSD.org> wrote: > On 2013/04/12, at 22:31, Scott Long <scottl@samsco.org> wrote: >=20 >> On Apr 12, 2013, at 7:43 PM, Rui Paulo <rpaulo@FreeBSD.org> wrote: >>=20 >>> On 2013/04/11, at 13:18, Gleb Smirnoff <glebius@FreeBSD.org> wrote: >>>=20 >>>> Lack of maintainer in a near future would lead to bitrot due to = changes >>>> in other areas of network stack, kernel APIs, etc. This already = happens, >>>> many changes during 10.0-CURRENT cycle were only compile tested wrt >>>> ipfilter. If we fail to find maintainer, then a correct decision = would be >>>> to remove ipfilter(4) from the base system before 10.0-RELEASE. >>>=20 >>> This has been discussed in the past. Every time someone came up and = said "I'm still using ipfilter!" and the idea to remove it dies with it.=20= >>> I've been saying we should remove it for 4 years now. Not only it's = outdated but it also doesn't not fit well in the FreeBSD roadmap. Then = there's the question of maintainability. We gave the author a commit bit = so that he could maintain it. That doesn't happen anymore and it sounds = like he has since moved away from FreeBSD. I cannot find any reason to = burden another FreeBSD developer with maintaining ipfilter. >>>=20 >>=20 >> One thing that FreeBSD is bad about (and this really applies to many = open source projects) when deprecating something is that the developer = and release engineering groups rarely provide adequate, if any, tools to = help users transition and cope with the deprecation. The fear of = deprecation can be largely overcome by giving these users a clear and = comprehensive path forward. Just announcing "ipfilter is going away. = EOM" is inadequate and leads to completely justified complaints from = users. >=20 > I agree with the deprecation path, but given the amount of changes = that happened in the last 6 months, I'm not even sure ipfilter is = working fine in FreeBSD CURRENT, but I haven't tested it. >=20 You target audience for this isn't people who track CURRENT, it's people = who are on 7, 8, or 9 and looking to update to 10.x sometime in the = future. >> So with that said, would it be possible to write some tutorials on = how to migrate an ipfilter installation to pf? Maybe some mechanical = syntax docs accompanied by a few case studies? Is it possible for a = script to automate some of the common mechanical changes? Also = essential is a clear document on what goes away with ipfilter and what = is gained with pf. Once those tools are written, I suggest announcing = that ipfilter is available but deprecated/unsupported in FreeBSD 10, and = will be removed from FreeBSD 11. Certain people will still pitch a fit = about it departing, but if the tools are there to help the common users, = you'll be successful in winning mindshare and general support. >=20 >=20 > It's not very difficult to switch an ipf.conf/ipnat.conf to a pf.conf, = but I'm not sure automated tools exist. I'm also not convinced we need = to write them and I think the issue can be deal with by writing a bunch = of examples on how to do it manually. Then we can give people 1y to = switch. >=20 Please believe me that no matter how trivial you think the switch is, a = migration guide still needs to be written. Scott \=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E>